Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[StepSecurity] ci: Harden GitHub Actions #2325

Merged

Conversation

step-security-bot
Copy link
Contributor

@step-security-bot step-security-bot commented Oct 10, 2023

Summary

This pull request is created by Secure Repo at the request of @RafaelGSS. Please merge the Pull Request to incorporate the requested changes. Please tag @RafaelGSS on your message if you have any questions related to the PR. You can also engage with the StepSecurity team by tagging @step-security-bot.

Refs: nodejs/security-wg#859

Security Fixes

Least Privileged GitHub Actions Token Permissions

The GITHUB_TOKEN is an automatically generated secret to make authenticated calls to the GitHub API. GitHub recommends setting minimum token permissions for the GITHUB_TOKEN.

Pinned Dependencies

GitHub Action tags and Docker tags are mutatble. This poses a security risk. GitHub's Security Hardening guide recommends pinning actions to full length commit.

Feedback

For bug reports, feature requests, and general feedback; please create an issue in step-security/secure-repo. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot bot@stepsecurity.io

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
@codecov-commenter
Copy link

codecov-commenter commented Oct 10, 2023

Codecov Report

Attention: 3 lines in your changes are missing coverage. Please review.

Comparison is base (e39a632) 85.54% compared to head (7aee0b6) 85.43%.
Report is 36 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2325      +/-   ##
==========================================
- Coverage   85.54%   85.43%   -0.12%     
==========================================
  Files          76       76              
  Lines        6858     6867       +9     
==========================================
  Hits         5867     5867              
- Misses        991     1000       +9     
Files Coverage Δ
index-fetch.js 100.00% <100.00%> (ø)
lib/core/connect.js 80.00% <100.00%> (-1.25%) ⬇️
lib/fetch/body.js 97.67% <100.00%> (-0.02%) ⬇️
lib/fetch/global.js 100.00% <ø> (ø)
lib/fetch/index.js 85.23% <100.00%> (+0.02%) ⬆️
lib/pool.js 100.00% <100.00%> (ø)
lib/websocket/connection.js 89.15% <100.00%> (+0.13%) ⬆️
lib/websocket/frame.js 100.00% <100.00%> (ø)
lib/client.js 93.07% <92.30%> (-0.05%) ⬇️
lib/core/util.js 92.63% <85.71%> (-3.16%) ⬇️

... and 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@mcollina mcollina merged commit 882ff6d into nodejs:main Oct 10, 2023
15 of 18 checks passed
kodiakhq bot referenced this pull request in X-oss-byte/Canary-nextjs Oct 11, 2023
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [undici](https://undici.nodejs.org) ([source](https://github.com/nodejs/undici)) | [`5.25.4` -> `5.26.0`](https://renovatebot.com/diffs/npm/undici/5.25.4/5.26.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/undici/5.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/undici/5.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/undici/5.25.4/5.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/undici/5.25.4/5.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>nodejs/undici (undici)</summary>

### [`v5.26.0`](https://github.com/nodejs/undici/releases/tag/v5.26.0)

[Compare Source](https://github.com/nodejs/undici/compare/5e654f351a9a813fed3e9feff4388b5c4fbda787...v5.26.0)

#### What's Changed

-   use npm install instead of npm ci by [@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2309](https://github.com/nodejs/undici/pull/2309)
-   change default header to `node` by [@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2310](https://github.com/nodejs/undici/pull/2310)
-   chore: change order of the pseudo-headers by [@&#8203;kyrylodolynskyi](https://github.com/kyrylodolynskyi) in [https://github.com/nodejs/undici/pull/2308](https://github.com/nodejs/undici/pull/2308)
-   fix: Agent.Options.factory should accept URL object or string as parameter by [@&#8203;nicole0707](https://github.com/nicole0707) in [https://github.com/nodejs/undici/pull/2295](https://github.com/nodejs/undici/pull/2295)
-   build(deps-dev): bump sinon from 15.2.0 to 16.1.0 by [@&#8203;dependabot](https://github.com/dependabot) in [https://github.com/nodejs/undici/pull/2312](https://github.com/nodejs/undici/pull/2312)
-   test: handle npm ignore-scripts settings by [@&#8203;panva](https://github.com/panva) in [https://github.com/nodejs/undici/pull/2313](https://github.com/nodejs/undici/pull/2313)
-   feat: respect `--max-http-header-size` Node.js flag by [@&#8203;balazsorban44](https://github.com/balazsorban44) in [https://github.com/nodejs/undici/pull/2234](https://github.com/nodejs/undici/pull/2234)
-   fix([#&#8203;2311](https://github.com/nodejs/undici/issues/2311)): End stream after body sent by [@&#8203;metcoder95](https://github.com/metcoder95) in [https://github.com/nodejs/undici/pull/2314](https://github.com/nodejs/undici/pull/2314)
-   disallow setting host header in fetch by [@&#8203;KhafraDev](https://github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2322](https://github.com/nodejs/undici/pull/2322)
-   \[StepSecurity] ci: Harden GitHub Actions by [@&#8203;step-security-bot](https://github.com/step-security-bot) in [https://github.com/nodejs/undici/pull/2325](https://github.com/nodejs/undici/pull/2325)
-   fix fetch with coverage enabled by [@&#8203;KhafraDev](https://github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2330](https://github.com/nodejs/undici/pull/2330)
-   Fix stuck when using http2 POST Buffer by [@&#8203;binsee](https://github.com/binsee) in [https://github.com/nodejs/undici/pull/2336](https://github.com/nodejs/undici/pull/2336)
-   fix: 🏷️ add allowH2 to BuildOptions by [@&#8203;binsee](https://github.com/binsee) in [https://github.com/nodejs/undici/pull/2334](https://github.com/nodejs/undici/pull/2334)
-   fix: 🐛 fix process http2 header by [@&#8203;binsee](https://github.com/binsee) in [https://github.com/nodejs/undici/pull/2332](https://github.com/nodejs/undici/pull/2332)

#### New Contributors

-   [@&#8203;kyrylodolynskyi](https://github.com/kyrylodolynskyi) made their first contribution in [https://github.com/nodejs/undici/pull/2308](https://github.com/nodejs/undici/pull/2308)
-   [@&#8203;nicole0707](https://github.com/nicole0707) made their first contribution in [https://github.com/nodejs/undici/pull/2295](https://github.com/nodejs/undici/pull/2295)
-   [@&#8203;balazsorban44](https://github.com/balazsorban44) made their first contribution in [https://github.com/nodejs/undici/pull/2234](https://github.com/nodejs/undici/pull/2234)
-   [@&#8203;binsee](https://github.com/binsee) made their first contribution in [https://github.com/nodejs/undici/pull/2336](https://github.com/nodejs/undici/pull/2336)

**Full Changelog**: nodejs/undici@v5.23.4...v5.26.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/X-oss-byte/Canary-nextjs).
kodiakhq bot referenced this pull request in X-oss-byte/Nextjs Oct 11, 2023
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [undici](https://undici.nodejs.org) ([source](https://github.com/nodejs/undici)) | [`5.25.4` -> `5.26.0`](https://renovatebot.com/diffs/npm/undici/5.25.4/5.26.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/undici/5.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/undici/5.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/undici/5.25.4/5.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/undici/5.25.4/5.26.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>nodejs/undici (undici)</summary>

### [`v5.26.0`](https://github.com/nodejs/undici/releases/tag/v5.26.0)

[Compare Source](https://github.com/nodejs/undici/compare/5e654f351a9a813fed3e9feff4388b5c4fbda787...v5.26.0)

#### What's Changed

-   use npm install instead of npm ci by [@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2309](https://github.com/nodejs/undici/pull/2309)
-   change default header to `node` by [@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2310](https://github.com/nodejs/undici/pull/2310)
-   chore: change order of the pseudo-headers by [@&#8203;kyrylodolynskyi](https://github.com/kyrylodolynskyi) in [https://github.com/nodejs/undici/pull/2308](https://github.com/nodejs/undici/pull/2308)
-   fix: Agent.Options.factory should accept URL object or string as parameter by [@&#8203;nicole0707](https://github.com/nicole0707) in [https://github.com/nodejs/undici/pull/2295](https://github.com/nodejs/undici/pull/2295)
-   build(deps-dev): bump sinon from 15.2.0 to 16.1.0 by [@&#8203;dependabot](https://github.com/dependabot) in [https://github.com/nodejs/undici/pull/2312](https://github.com/nodejs/undici/pull/2312)
-   test: handle npm ignore-scripts settings by [@&#8203;panva](https://github.com/panva) in [https://github.com/nodejs/undici/pull/2313](https://github.com/nodejs/undici/pull/2313)
-   feat: respect `--max-http-header-size` Node.js flag by [@&#8203;balazsorban44](https://github.com/balazsorban44) in [https://github.com/nodejs/undici/pull/2234](https://github.com/nodejs/undici/pull/2234)
-   fix([#&#8203;2311](https://github.com/nodejs/undici/issues/2311)): End stream after body sent by [@&#8203;metcoder95](https://github.com/metcoder95) in [https://github.com/nodejs/undici/pull/2314](https://github.com/nodejs/undici/pull/2314)
-   disallow setting host header in fetch by [@&#8203;KhafraDev](https://github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2322](https://github.com/nodejs/undici/pull/2322)
-   \[StepSecurity] ci: Harden GitHub Actions by [@&#8203;step-security-bot](https://github.com/step-security-bot) in [https://github.com/nodejs/undici/pull/2325](https://github.com/nodejs/undici/pull/2325)
-   fix fetch with coverage enabled by [@&#8203;KhafraDev](https://github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2330](https://github.com/nodejs/undici/pull/2330)
-   Fix stuck when using http2 POST Buffer by [@&#8203;binsee](https://github.com/binsee) in [https://github.com/nodejs/undici/pull/2336](https://github.com/nodejs/undici/pull/2336)
-   fix: 🏷️ add allowH2 to BuildOptions by [@&#8203;binsee](https://github.com/binsee) in [https://github.com/nodejs/undici/pull/2334](https://github.com/nodejs/undici/pull/2334)
-   fix: 🐛 fix process http2 header by [@&#8203;binsee](https://github.com/binsee) in [https://github.com/nodejs/undici/pull/2332](https://github.com/nodejs/undici/pull/2332)

#### New Contributors

-   [@&#8203;kyrylodolynskyi](https://github.com/kyrylodolynskyi) made their first contribution in [https://github.com/nodejs/undici/pull/2308](https://github.com/nodejs/undici/pull/2308)
-   [@&#8203;nicole0707](https://github.com/nicole0707) made their first contribution in [https://github.com/nodejs/undici/pull/2295](https://github.com/nodejs/undici/pull/2295)
-   [@&#8203;balazsorban44](https://github.com/balazsorban44) made their first contribution in [https://github.com/nodejs/undici/pull/2234](https://github.com/nodejs/undici/pull/2234)
-   [@&#8203;binsee](https://github.com/binsee) made their first contribution in [https://github.com/nodejs/undici/pull/2336](https://github.com/nodejs/undici/pull/2336)

**Full Changelog**: nodejs/undici@v5.23.4...v5.26.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/X-oss-byte/Nextjs).
kfcampbell referenced this pull request in octokit/rest.js Oct 16, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [undici](https://undici.nodejs.org)
([source](https://github.com/nodejs/undici)) | [`5.22.1` ->
`5.26.2`](https://renovatebot.com/diffs/npm/undici/5.22.1/5.26.2) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/undici/5.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/undici/5.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/undici/5.22.1/5.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/undici/5.22.1/5.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2023-45143](https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp)

### Impact

Undici clears Authorization headers on cross-origin redirects, but does
not clear `Cookie` headers. By design, `cookie` headers are [forbidden
request
headers](https://fetch.spec.whatwg.org/#forbidden-request-header),
disallowing them to be set in `RequestInit.headers` in browser
environments. Since Undici handles headers more liberally than the
specification, there was a disconnect from the assumptions the spec
made, and Undici's implementation of fetch.

As such this may lead to accidental leakage of cookie to a 3rd-party
site or a malicious attacker who can control the redirection target (ie.
an open redirector) to leak the cookie to the 3rd party site.

### Patches

This was patched in
[e041de359221ebeae04c469e8aff4145764e6d76](https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76),
which is included in version 5.26.2.

---

### Release Notes

<details>
<summary>nodejs/undici (undici)</summary>

### [`v5.26.2`](https://github.com/nodejs/undici/releases/tag/v5.26.2)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.26.1...v5.26.2)

Security Release, CVE-2023-45143.

### [`v5.26.1`](https://github.com/nodejs/undici/releases/tag/v5.26.1)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.26.0...v5.26.1)

#### What's Changed

- Fix publish undici-types once and for all! by
[@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in
[https://github.com/nodejs/undici/pull/2338](https://github.com/nodejs/undici/pull/2338)
- Fix node detection omfg by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2341](https://github.com/nodejs/undici/pull/2341)

**Full Changelog**:
nodejs/undici@v5.26.0...v5.26.1

### [`v5.26.0`](https://github.com/nodejs/undici/releases/tag/v5.26.0)

[Compare
Source](https://github.com/nodejs/undici/compare/5e654f351a9a813fed3e9feff4388b5c4fbda787...v5.26.0)

#### What's Changed

- use npm install instead of npm ci by
[@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in
[https://github.com/nodejs/undici/pull/2309](https://github.com/nodejs/undici/pull/2309)
- change default header to `node` by
[@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in
[https://github.com/nodejs/undici/pull/2310](https://github.com/nodejs/undici/pull/2310)
- chore: change order of the pseudo-headers by
[@&#8203;kyrylodolynskyi](https://github.com/kyrylodolynskyi) in
[https://github.com/nodejs/undici/pull/2308](https://github.com/nodejs/undici/pull/2308)
- fix: Agent.Options.factory should accept URL object or string as
parameter by [@&#8203;nicole0707](https://github.com/nicole0707) in
[https://github.com/nodejs/undici/pull/2295](https://github.com/nodejs/undici/pull/2295)
- build(deps-dev): bump sinon from 15.2.0 to 16.1.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2312](https://github.com/nodejs/undici/pull/2312)
- test: handle npm ignore-scripts settings by
[@&#8203;panva](https://github.com/panva) in
[https://github.com/nodejs/undici/pull/2313](https://github.com/nodejs/undici/pull/2313)
- feat: respect `--max-http-header-size` Node.js flag by
[@&#8203;balazsorban44](https://github.com/balazsorban44) in
[https://github.com/nodejs/undici/pull/2234](https://github.com/nodejs/undici/pull/2234)
- fix([#&#8203;2311](https://github.com/nodejs/undici/issues/2311)):
End stream after body sent by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2314](https://github.com/nodejs/undici/pull/2314)
- disallow setting host header in fetch by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2322](https://github.com/nodejs/undici/pull/2322)
- \[StepSecurity] ci: Harden GitHub Actions by
[@&#8203;step-security-bot](https://github.com/step-security-bot) in
[https://github.com/nodejs/undici/pull/2325](https://github.com/nodejs/undici/pull/2325)
- fix fetch with coverage enabled by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2330](https://github.com/nodejs/undici/pull/2330)
- Fix stuck when using http2 POST Buffer by
[@&#8203;binsee](https://github.com/binsee) in
[https://github.com/nodejs/undici/pull/2336](https://github.com/nodejs/undici/pull/2336)
- fix: 🏷️ add allowH2 to BuildOptions by
[@&#8203;binsee](https://github.com/binsee) in
[https://github.com/nodejs/undici/pull/2334](https://github.com/nodejs/undici/pull/2334)
- fix: 🐛 fix process http2 header by
[@&#8203;binsee](https://github.com/binsee) in
[https://github.com/nodejs/undici/pull/2332](https://github.com/nodejs/undici/pull/2332)

#### New Contributors

- [@&#8203;kyrylodolynskyi](https://github.com/kyrylodolynskyi) made
their first contribution in
[https://github.com/nodejs/undici/pull/2308](https://github.com/nodejs/undici/pull/2308)
- [@&#8203;nicole0707](https://github.com/nicole0707) made their first
contribution in
[https://github.com/nodejs/undici/pull/2295](https://github.com/nodejs/undici/pull/2295)
- [@&#8203;balazsorban44](https://github.com/balazsorban44) made their
first contribution in
[https://github.com/nodejs/undici/pull/2234](https://github.com/nodejs/undici/pull/2234)
- [@&#8203;binsee](https://github.com/binsee) made their first
contribution in
[https://github.com/nodejs/undici/pull/2336](https://github.com/nodejs/undici/pull/2336)

**Full Changelog**:
nodejs/undici@v5.23.4...v5.26.0

###
[`v5.25.4`](https://github.com/nodejs/undici/compare/v5.25.3...5e654f351a9a813fed3e9feff4388b5c4fbda787)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.25.3...5e654f351a9a813fed3e9feff4388b5c4fbda787)

### [`v5.25.3`](https://github.com/nodejs/undici/releases/tag/v5.25.3)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.25.2...v5.25.3)

#### What's Changed

- perf: improve parse-url implementation by
[@&#8203;anonrig](https://github.com/anonrig) in
[https://github.com/nodejs/undici/pull/2286](https://github.com/nodejs/undici/pull/2286)
- test: enable websockets inclusion in WPTReport by
[@&#8203;panva](https://github.com/panva) in
[https://github.com/nodejs/undici/pull/2284](https://github.com/nodejs/undici/pull/2284)
- remove npm run test from pre-commit hook by
[@&#8203;dancastillo](https://github.com/dancastillo) in
[https://github.com/nodejs/undici/pull/2296](https://github.com/nodejs/undici/pull/2296)
- perf: use
[@&#8203;fastify/busboy](https://github.com/fastify/busboy) by
[@&#8203;gurgunday](https://github.com/gurgunday) in
[https://github.com/nodejs/undici/pull/2211](https://github.com/nodejs/undici/pull/2211)
- Disable finalizationregistry if node code cov by
[@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2298](https://github.com/nodejs/undici/pull/2298)

#### New Contributors

- [@&#8203;gurgunday](https://github.com/gurgunday) made their first
contribution in
[https://github.com/nodejs/undici/pull/2211](https://github.com/nodejs/undici/pull/2211)

**Full Changelog**:
nodejs/undici@v5.25.2...v5.25.3

### [`v5.25.2`](https://github.com/nodejs/undici/releases/tag/v5.25.2)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.25.1...v5.25.2)

#### What's Changed

- Add Khaf to releasers by
[@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2276](https://github.com/nodejs/undici/pull/2276)
- fix: fix request with readable mode is object by
[@&#8203;killagu](https://github.com/killagu) in
[https://github.com/nodejs/undici/pull/2279](https://github.com/nodejs/undici/pull/2279)
- fix loading websockets when node is built w/ --without-ssl by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2282](https://github.com/nodejs/undici/pull/2282)

#### New Contributors

- [@&#8203;killagu](https://github.com/killagu) made their first
contribution in
[https://github.com/nodejs/undici/pull/2279](https://github.com/nodejs/undici/pull/2279)

**Full Changelog**:
nodejs/undici@v5.25.1...v5.25.2

### [`v5.25.1`](https://github.com/nodejs/undici/releases/tag/v5.25.1)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.25.0...v5.25.1)

#### What's Changed

- Add publish types script by
[@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in
[https://github.com/nodejs/undici/pull/2273](https://github.com/nodejs/undici/pull/2273)

**Full Changelog**:
nodejs/undici@v5.25.0...v5.25.1

### [`v5.25.0`](https://github.com/nodejs/undici/releases/tag/v5.25.0)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.24.0...v5.25.0)

#### What's Changed

- fix: h2 without body by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2258](https://github.com/nodejs/undici/pull/2258)
- ci: remove duplicated runs by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2265](https://github.com/nodejs/undici/pull/2265)
- improve documentation of timeouts by making the units clear in all
places by [@&#8203;mcfedr](https://github.com/mcfedr) in
[https://github.com/nodejs/undici/pull/2266](https://github.com/nodejs/undici/pull/2266)
- expose websocket in node bundle by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2217](https://github.com/nodejs/undici/pull/2217)
- test: fix Fetch/HTTP2 tests by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2263](https://github.com/nodejs/undici/pull/2263)
- fix undici when node is built with --without-ssl by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2272](https://github.com/nodejs/undici/pull/2272)
- fix: Fix type definition for Client Interceptors by
[@&#8203;ComradeCow](https://github.com/ComradeCow) in
[https://github.com/nodejs/undici/pull/2269](https://github.com/nodejs/undici/pull/2269)
- Fix http2 agent by [@&#8203;mcollina](https://github.com/mcollina)
in
[https://github.com/nodejs/undici/pull/2275](https://github.com/nodejs/undici/pull/2275)

#### New Contributors

- [@&#8203;ComradeCow](https://github.com/ComradeCow) made their first
contribution in
[https://github.com/nodejs/undici/pull/2269](https://github.com/nodejs/undici/pull/2269)

**Full Changelog**:
nodejs/undici@v5.24.0...v5.25.0

### [`v5.24.0`](https://github.com/nodejs/undici/releases/tag/v5.24.0)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.23.0...v5.24.0)

#### Notable Changes

- feat: Add H2 support by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2061](https://github.com/nodejs/undici/pull/2061)

#### What's Changed

- build(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2203](https://github.com/nodejs/undici/pull/2203)
- better stack trace for body.json by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2215](https://github.com/nodejs/undici/pull/2215)
- allow http & https websocket urls by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2218](https://github.com/nodejs/undici/pull/2218)
- build(deps-dev): bump
[@&#8203;sinonjs/fake-timers](https://github.com/sinonjs/fake-timers)
from 10.3.0 to 11.1.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2221](https://github.com/nodejs/undici/pull/2221)
- fix: pass ProxyAgent proxy status code error by
[@&#8203;NBNGaming](https://github.com/NBNGaming) in
[https://github.com/nodejs/undici/pull/2162](https://github.com/nodejs/undici/pull/2162)
- fix failing test by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2223](https://github.com/nodejs/undici/pull/2223)
- docs: update MockPool.md intercept method description by
[@&#8203;capaj](https://github.com/capaj) in
[https://github.com/nodejs/undici/pull/2220](https://github.com/nodejs/undici/pull/2220)
- Update wpts by [@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2226](https://github.com/nodejs/undici/pull/2226)
- build(deps): bump github/codeql-action from 2.21.2 to 2.21.5 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2240](https://github.com/nodejs/undici/pull/2240)
- build(deps): bump actions/setup-node from 3.6.0 to 3.8.1 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2237](https://github.com/nodejs/undici/pull/2237)
- build(deps): bump fastify/github-action-merge-dependabot from 3.9.0 to
3.9.1 by [@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2236](https://github.com/nodejs/undici/pull/2236)
- build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2241](https://github.com/nodejs/undici/pull/2241)
- build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.8
by [@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2238](https://github.com/nodejs/undici/pull/2238)
- fix: aborting request with non-object error by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2243](https://github.com/nodejs/undici/pull/2243)
- fix: preserve file path when parsing formdata by
[@&#8203;jimmywarting](https://github.com/jimmywarting) in
[https://github.com/nodejs/undici/pull/2245](https://github.com/nodejs/undici/pull/2245)
- build(deps-dev): bump tsd from 0.28.1 to 0.29.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2246](https://github.com/nodejs/undici/pull/2246)
- Updated benchmarks by
[@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2250](https://github.com/nodejs/undici/pull/2250)
- Fix fetch in node v20.6.0 by
[@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2251](https://github.com/nodejs/undici/pull/2251)
- Maybe fix v20 by [@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2252](https://github.com/nodejs/undici/pull/2252)
- feat: Add H2 support by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2061](https://github.com/nodejs/undici/pull/2061)
- docs: fix tables in README by
[@&#8203;regseb](https://github.com/regseb) in
[https://github.com/nodejs/undici/pull/2254](https://github.com/nodejs/undici/pull/2254)
- Fix http2 fetch test by
[@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2253](https://github.com/nodejs/undici/pull/2253)

#### New Contributors

- [@&#8203;NBNGaming](https://github.com/NBNGaming) made their first
contribution in
[https://github.com/nodejs/undici/pull/2162](https://github.com/nodejs/undici/pull/2162)
- [@&#8203;capaj](https://github.com/capaj) made their first
contribution in
[https://github.com/nodejs/undici/pull/2220](https://github.com/nodejs/undici/pull/2220)
- [@&#8203;regseb](https://github.com/regseb) made their first
contribution in
[https://github.com/nodejs/undici/pull/2254](https://github.com/nodejs/undici/pull/2254)

**Full Changelog**:
nodejs/undici@v5.23.0...v5.24.0

### [`v5.23.0`](https://github.com/nodejs/undici/releases/tag/v5.23.0)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.22.1...v5.23.0)

#### What's Changed

- bump engines to node >= 16 by
[@&#8203;ronag](https://github.com/ronag) in
[https://github.com/nodejs/undici/pull/2119](https://github.com/nodejs/undici/pull/2119)
- Revert "bump engines to node >= 16
([#&#8203;2119](https://github.com/nodejs/undici/issues/2119))" by
[@&#8203;ronag](https://github.com/ronag) in
[https://github.com/nodejs/undici/pull/2121](https://github.com/nodejs/undici/pull/2121)
- fetch: set referrer properly by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2125](https://github.com/nodejs/undici/pull/2125)
- fix: support truncated gzip by
[@&#8203;jimmywarting](https://github.com/jimmywarting) in
[https://github.com/nodejs/undici/pull/2126](https://github.com/nodejs/undici/pull/2126)
- workflow: apply security best practices by
[@&#8203;step-security-bot](https://github.com/step-security-bot) in
[https://github.com/nodejs/undici/pull/2130](https://github.com/nodejs/undici/pull/2130)
- build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2135](https://github.com/nodejs/undici/pull/2135)
- build(deps): bump actions/dependency-review-action from 2.5.1 to 3.0.4
by [@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2133](https://github.com/nodejs/undici/pull/2133)
- build(deps): bump node from 18-alpine to 20-alpine in /build by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2131](https://github.com/nodejs/undici/pull/2131)
- build(deps): bump pkgjs/action from 0.1.6 to 0.1.7 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2136](https://github.com/nodejs/undici/pull/2136)
- build(deps): bump actions/checkout from 3.1.0 to 3.5.2 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2132](https://github.com/nodejs/undici/pull/2132)
- build(deps-dev): bump jsdom from 21.1.2 to 22.1.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2142](https://github.com/nodejs/undici/pull/2142)
- build(deps): bump fastify/github-action-merge-dependabot from 3.7.0 to
3.8.0 by [@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2148](https://github.com/nodejs/undici/pull/2148)
- fix(pr): use correct pr template file by
[@&#8203;AugustinMauroy](https://github.com/AugustinMauroy) in
[https://github.com/nodejs/undici/pull/2141](https://github.com/nodejs/undici/pull/2141)
- Additional WebSocket send tests to cover all payload size categories
by [@&#8203;jawj](https://github.com/jawj) in
[https://github.com/nodejs/undici/pull/2149](https://github.com/nodejs/undici/pull/2149)
- fix: reverse decompression order of "Content-Encoding" encodings
(fixes [#&#8203;2158](https://github.com/nodejs/undici/issues/2158))
by [@&#8203;rychkog](https://github.com/rychkog) in
[https://github.com/nodejs/undici/pull/2159](https://github.com/nodejs/undici/pull/2159)
- fix: keep running WPTs if a test times out by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2165](https://github.com/nodejs/undici/pull/2165)
- feat: add build environment info by
[@&#8203;mhdawson](https://github.com/mhdawson) in
[https://github.com/nodejs/undici/pull/2168](https://github.com/nodejs/undici/pull/2168)
- fix: forward error reason to fetch controller by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2172](https://github.com/nodejs/undici/pull/2172)
- stricter types for bodymixin.json by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2181](https://github.com/nodejs/undici/pull/2181)
- chore: Renable autoSelectFamily tests. by
[@&#8203;ShogunPanda](https://github.com/ShogunPanda) in
[https://github.com/nodejs/undici/pull/2180](https://github.com/nodejs/undici/pull/2180)
- build(deps): bump actions/dependency-review-action from 3.0.4 to 3.0.6
by [@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2147](https://github.com/nodejs/undici/pull/2147)
- build(deps): bump github/codeql-action from 2.3.2 to 2.20.3 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2185](https://github.com/nodejs/undici/pull/2185)
- fix: fetch resource timing performance entry names should be strings
by [@&#8203;GaryWilber](https://github.com/GaryWilber) in
[https://github.com/nodejs/undici/pull/2188](https://github.com/nodejs/undici/pull/2188)
- build(deps): bump actions/checkout from 3.5.2 to 3.5.3 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2176](https://github.com/nodejs/undici/pull/2176)
- build(deps): bump fastify/github-action-merge-dependabot from 3.8.0 to
3.9.0 by [@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2177](https://github.com/nodejs/undici/pull/2177)
- build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2178](https://github.com/nodejs/undici/pull/2178)
- build(deps): bump step-security/harden-runner from 2.4.0 to 2.4.1 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2175](https://github.com/nodejs/undici/pull/2175)
- test: fix `autoselectfamily` on platforms without IPv6 support by
[@&#8203;LiviaMedeiros](https://github.com/LiviaMedeiros) in
[https://github.com/nodejs/undici/pull/2197](https://github.com/nodejs/undici/pull/2197)
- fix: make multipart/form-data boundary string more consistent by
[@&#8203;LiviaMedeiros](https://github.com/LiviaMedeiros) in
[https://github.com/nodejs/undici/pull/2196](https://github.com/nodejs/undici/pull/2196)
- docs: add proxy agent options docs by
[@&#8203;dancastillo](https://github.com/dancastillo) in
[https://github.com/nodejs/undici/pull/2193](https://github.com/nodejs/undici/pull/2193)
- build(deps): bump github/codeql-action from 2.20.3 to 2.21.2 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2205](https://github.com/nodejs/undici/pull/2205)
- feat: make use of `addAbortListener` where applicable by
[@&#8203;atlowChemi](https://github.com/atlowChemi) in
[https://github.com/nodejs/undici/pull/2195](https://github.com/nodejs/undici/pull/2195)

#### New Contributors

- [@&#8203;step-security-bot](https://github.com/step-security-bot)
made their first contribution in
[https://github.com/nodejs/undici/pull/2130](https://github.com/nodejs/undici/pull/2130)
- [@&#8203;AugustinMauroy](https://github.com/AugustinMauroy) made
their first contribution in
[https://github.com/nodejs/undici/pull/2141](https://github.com/nodejs/undici/pull/2141)
- [@&#8203;rychkog](https://github.com/rychkog) made their first
contribution in
[https://github.com/nodejs/undici/pull/2159](https://github.com/nodejs/undici/pull/2159)
- [@&#8203;mhdawson](https://github.com/mhdawson) made their first
contribution in
[https://github.com/nodejs/undici/pull/2168](https://github.com/nodejs/undici/pull/2168)
- [@&#8203;GaryWilber](https://github.com/GaryWilber) made their first
contribution in
[https://github.com/nodejs/undici/pull/2188](https://github.com/nodejs/undici/pull/2188)
- [@&#8203;atlowChemi](https://github.com/atlowChemi) made their first
contribution in
[https://github.com/nodejs/undici/pull/2195](https://github.com/nodejs/undici/pull/2195)

**Full Changelog**:
nodejs/undici@v5.22.1...v5.23.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/octokit/rest.js).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xOS4yIiwidXBkYXRlZEluVmVyIjoiMzcuMTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate bot referenced this pull request in specfy/specfy Oct 16, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [undici](https://undici.nodejs.org)
([source](https://github.com/nodejs/undici)) | [`5.23.0` ->
`5.26.2`](https://renovatebot.com/diffs/npm/undici/5.23.0/5.26.2) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/undici/5.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/undici/5.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/undici/5.23.0/5.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/undici/5.23.0/5.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2023-45143](https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp)

### Impact

Undici clears Authorization headers on cross-origin redirects, but does
not clear `Cookie` headers. By design, `cookie` headers are [forbidden
request
headers](https://fetch.spec.whatwg.org/#forbidden-request-header),
disallowing them to be set in `RequestInit.headers` in browser
environments. Since Undici handles headers more liberally than the
specification, there was a disconnect from the assumptions the spec
made, and Undici's implementation of fetch.

As such this may lead to accidental leakage of cookie to a 3rd-party
site or a malicious attacker who can control the redirection target (ie.
an open redirector) to leak the cookie to the 3rd party site.

### Patches

This was patched in
[e041de359221ebeae04c469e8aff4145764e6d76](https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76),
which is included in version 5.26.2.

---

### Release Notes

<details>
<summary>nodejs/undici (undici)</summary>

### [`v5.26.2`](https://github.com/nodejs/undici/releases/tag/v5.26.2)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.26.1...v5.26.2)

Security Release, CVE-2023-45143.

### [`v5.26.1`](https://github.com/nodejs/undici/releases/tag/v5.26.1)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.26.0...v5.26.1)

#### What's Changed

- Fix publish undici-types once and for all! by
[@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in
[https://github.com/nodejs/undici/pull/2338](https://github.com/nodejs/undici/pull/2338)
- Fix node detection omfg by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2341](https://github.com/nodejs/undici/pull/2341)

**Full Changelog**:
nodejs/undici@v5.26.0...v5.26.1

### [`v5.26.0`](https://github.com/nodejs/undici/releases/tag/v5.26.0)

[Compare
Source](https://github.com/nodejs/undici/compare/5e654f351a9a813fed3e9feff4388b5c4fbda787...v5.26.0)

#### What's Changed

- use npm install instead of npm ci by
[@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in
[https://github.com/nodejs/undici/pull/2309](https://github.com/nodejs/undici/pull/2309)
- change default header to `node` by
[@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in
[https://github.com/nodejs/undici/pull/2310](https://github.com/nodejs/undici/pull/2310)
- chore: change order of the pseudo-headers by
[@&#8203;kyrylodolynskyi](https://github.com/kyrylodolynskyi) in
[https://github.com/nodejs/undici/pull/2308](https://github.com/nodejs/undici/pull/2308)
- fix: Agent.Options.factory should accept URL object or string as
parameter by [@&#8203;nicole0707](https://github.com/nicole0707) in
[https://github.com/nodejs/undici/pull/2295](https://github.com/nodejs/undici/pull/2295)
- build(deps-dev): bump sinon from 15.2.0 to 16.1.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2312](https://github.com/nodejs/undici/pull/2312)
- test: handle npm ignore-scripts settings by
[@&#8203;panva](https://github.com/panva) in
[https://github.com/nodejs/undici/pull/2313](https://github.com/nodejs/undici/pull/2313)
- feat: respect `--max-http-header-size` Node.js flag by
[@&#8203;balazsorban44](https://github.com/balazsorban44) in
[https://github.com/nodejs/undici/pull/2234](https://github.com/nodejs/undici/pull/2234)
- fix([#&#8203;2311](https://github.com/nodejs/undici/issues/2311)):
End stream after body sent by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2314](https://github.com/nodejs/undici/pull/2314)
- disallow setting host header in fetch by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2322](https://github.com/nodejs/undici/pull/2322)
- \[StepSecurity] ci: Harden GitHub Actions by
[@&#8203;step-security-bot](https://github.com/step-security-bot) in
[https://github.com/nodejs/undici/pull/2325](https://github.com/nodejs/undici/pull/2325)
- fix fetch with coverage enabled by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2330](https://github.com/nodejs/undici/pull/2330)
- Fix stuck when using http2 POST Buffer by
[@&#8203;binsee](https://github.com/binsee) in
[https://github.com/nodejs/undici/pull/2336](https://github.com/nodejs/undici/pull/2336)
- fix: 🏷️ add allowH2 to BuildOptions by
[@&#8203;binsee](https://github.com/binsee) in
[https://github.com/nodejs/undici/pull/2334](https://github.com/nodejs/undici/pull/2334)
- fix: 🐛 fix process http2 header by
[@&#8203;binsee](https://github.com/binsee) in
[https://github.com/nodejs/undici/pull/2332](https://github.com/nodejs/undici/pull/2332)

#### New Contributors

- [@&#8203;kyrylodolynskyi](https://github.com/kyrylodolynskyi) made
their first contribution in
[https://github.com/nodejs/undici/pull/2308](https://github.com/nodejs/undici/pull/2308)
- [@&#8203;nicole0707](https://github.com/nicole0707) made their first
contribution in
[https://github.com/nodejs/undici/pull/2295](https://github.com/nodejs/undici/pull/2295)
- [@&#8203;balazsorban44](https://github.com/balazsorban44) made their
first contribution in
[https://github.com/nodejs/undici/pull/2234](https://github.com/nodejs/undici/pull/2234)
- [@&#8203;binsee](https://github.com/binsee) made their first
contribution in
[https://github.com/nodejs/undici/pull/2336](https://github.com/nodejs/undici/pull/2336)

**Full Changelog**:
nodejs/undici@v5.23.4...v5.26.0

###
[`v5.25.4`](https://github.com/nodejs/undici/compare/v5.25.3...5e654f351a9a813fed3e9feff4388b5c4fbda787)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.25.3...5e654f351a9a813fed3e9feff4388b5c4fbda787)

### [`v5.25.3`](https://github.com/nodejs/undici/releases/tag/v5.25.3)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.25.2...v5.25.3)

#### What's Changed

- perf: improve parse-url implementation by
[@&#8203;anonrig](https://github.com/anonrig) in
[https://github.com/nodejs/undici/pull/2286](https://github.com/nodejs/undici/pull/2286)
- test: enable websockets inclusion in WPTReport by
[@&#8203;panva](https://github.com/panva) in
[https://github.com/nodejs/undici/pull/2284](https://github.com/nodejs/undici/pull/2284)
- remove npm run test from pre-commit hook by
[@&#8203;dancastillo](https://github.com/dancastillo) in
[https://github.com/nodejs/undici/pull/2296](https://github.com/nodejs/undici/pull/2296)
- perf: use
[@&#8203;fastify/busboy](https://github.com/fastify/busboy) by
[@&#8203;gurgunday](https://github.com/gurgunday) in
[https://github.com/nodejs/undici/pull/2211](https://github.com/nodejs/undici/pull/2211)
- Disable finalizationregistry if node code cov by
[@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2298](https://github.com/nodejs/undici/pull/2298)

#### New Contributors

- [@&#8203;gurgunday](https://github.com/gurgunday) made their first
contribution in
[https://github.com/nodejs/undici/pull/2211](https://github.com/nodejs/undici/pull/2211)

**Full Changelog**:
nodejs/undici@v5.25.2...v5.25.3

### [`v5.25.2`](https://github.com/nodejs/undici/releases/tag/v5.25.2)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.25.1...v5.25.2)

#### What's Changed

- Add Khaf to releasers by
[@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2276](https://github.com/nodejs/undici/pull/2276)
- fix: fix request with readable mode is object by
[@&#8203;killagu](https://github.com/killagu) in
[https://github.com/nodejs/undici/pull/2279](https://github.com/nodejs/undici/pull/2279)
- fix loading websockets when node is built w/ --without-ssl by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2282](https://github.com/nodejs/undici/pull/2282)

#### New Contributors

- [@&#8203;killagu](https://github.com/killagu) made their first
contribution in
[https://github.com/nodejs/undici/pull/2279](https://github.com/nodejs/undici/pull/2279)

**Full Changelog**:
nodejs/undici@v5.25.1...v5.25.2

### [`v5.25.1`](https://github.com/nodejs/undici/releases/tag/v5.25.1)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.25.0...v5.25.1)

#### What's Changed

- Add publish types script by
[@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in
[https://github.com/nodejs/undici/pull/2273](https://github.com/nodejs/undici/pull/2273)

**Full Changelog**:
nodejs/undici@v5.25.0...v5.25.1

### [`v5.25.0`](https://github.com/nodejs/undici/releases/tag/v5.25.0)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.24.0...v5.25.0)

#### What's Changed

- fix: h2 without body by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2258](https://github.com/nodejs/undici/pull/2258)
- ci: remove duplicated runs by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2265](https://github.com/nodejs/undici/pull/2265)
- improve documentation of timeouts by making the units clear in all
places by [@&#8203;mcfedr](https://github.com/mcfedr) in
[https://github.com/nodejs/undici/pull/2266](https://github.com/nodejs/undici/pull/2266)
- expose websocket in node bundle by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2217](https://github.com/nodejs/undici/pull/2217)
- test: fix Fetch/HTTP2 tests by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2263](https://github.com/nodejs/undici/pull/2263)
- fix undici when node is built with --without-ssl by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2272](https://github.com/nodejs/undici/pull/2272)
- fix: Fix type definition for Client Interceptors by
[@&#8203;ComradeCow](https://github.com/ComradeCow) in
[https://github.com/nodejs/undici/pull/2269](https://github.com/nodejs/undici/pull/2269)
- Fix http2 agent by [@&#8203;mcollina](https://github.com/mcollina)
in
[https://github.com/nodejs/undici/pull/2275](https://github.com/nodejs/undici/pull/2275)

#### New Contributors

- [@&#8203;ComradeCow](https://github.com/ComradeCow) made their first
contribution in
[https://github.com/nodejs/undici/pull/2269](https://github.com/nodejs/undici/pull/2269)

**Full Changelog**:
nodejs/undici@v5.24.0...v5.25.0

### [`v5.24.0`](https://github.com/nodejs/undici/releases/tag/v5.24.0)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.23.0...v5.24.0)

#### Notable Changes

- feat: Add H2 support by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2061](https://github.com/nodejs/undici/pull/2061)

#### What's Changed

- build(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2203](https://github.com/nodejs/undici/pull/2203)
- better stack trace for body.json by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2215](https://github.com/nodejs/undici/pull/2215)
- allow http & https websocket urls by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2218](https://github.com/nodejs/undici/pull/2218)
- build(deps-dev): bump
[@&#8203;sinonjs/fake-timers](https://github.com/sinonjs/fake-timers)
from 10.3.0 to 11.1.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2221](https://github.com/nodejs/undici/pull/2221)
- fix: pass ProxyAgent proxy status code error by
[@&#8203;NBNGaming](https://github.com/NBNGaming) in
[https://github.com/nodejs/undici/pull/2162](https://github.com/nodejs/undici/pull/2162)
- fix failing test by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2223](https://github.com/nodejs/undici/pull/2223)
- docs: update MockPool.md intercept method description by
[@&#8203;capaj](https://github.com/capaj) in
[https://github.com/nodejs/undici/pull/2220](https://github.com/nodejs/undici/pull/2220)
- Update wpts by [@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2226](https://github.com/nodejs/undici/pull/2226)
- build(deps): bump github/codeql-action from 2.21.2 to 2.21.5 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2240](https://github.com/nodejs/undici/pull/2240)
- build(deps): bump actions/setup-node from 3.6.0 to 3.8.1 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2237](https://github.com/nodejs/undici/pull/2237)
- build(deps): bump fastify/github-action-merge-dependabot from 3.9.0 to
3.9.1 by [@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2236](https://github.com/nodejs/undici/pull/2236)
- build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2241](https://github.com/nodejs/undici/pull/2241)
- build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.8
by [@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2238](https://github.com/nodejs/undici/pull/2238)
- fix: aborting request with non-object error by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2243](https://github.com/nodejs/undici/pull/2243)
- fix: preserve file path when parsing formdata by
[@&#8203;jimmywarting](https://github.com/jimmywarting) in
[https://github.com/nodejs/undici/pull/2245](https://github.com/nodejs/undici/pull/2245)
- build(deps-dev): bump tsd from 0.28.1 to 0.29.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2246](https://github.com/nodejs/undici/pull/2246)
- Updated benchmarks by
[@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2250](https://github.com/nodejs/undici/pull/2250)
- Fix fetch in node v20.6.0 by
[@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2251](https://github.com/nodejs/undici/pull/2251)
- Maybe fix v20 by [@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2252](https://github.com/nodejs/undici/pull/2252)
- feat: Add H2 support by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2061](https://github.com/nodejs/undici/pull/2061)
- docs: fix tables in README by
[@&#8203;regseb](https://github.com/regseb) in
[https://github.com/nodejs/undici/pull/2254](https://github.com/nodejs/undici/pull/2254)
- Fix http2 fetch test by
[@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2253](https://github.com/nodejs/undici/pull/2253)

#### New Contributors

- [@&#8203;NBNGaming](https://github.com/NBNGaming) made their first
contribution in
[https://github.com/nodejs/undici/pull/2162](https://github.com/nodejs/undici/pull/2162)
- [@&#8203;capaj](https://github.com/capaj) made their first
contribution in
[https://github.com/nodejs/undici/pull/2220](https://github.com/nodejs/undici/pull/2220)
- [@&#8203;regseb](https://github.com/regseb) made their first
contribution in
[https://github.com/nodejs/undici/pull/2254](https://github.com/nodejs/undici/pull/2254)

**Full Changelog**:
nodejs/undici@v5.23.0...v5.24.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone Europe/Paris, Automerge
- At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/specfy/specfy).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xOS4yIiwidXBkYXRlZEluVmVyIjoiMzcuMTkuMiIsInRhcmdldEJyYW5jaCI6ImNob3JlL3Jlbm92YXRlQmFzZUJyYW5jaCJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
kodiakhq bot referenced this pull request in ascorbic/unpic-img Nov 12, 2023
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [undici](https://undici.nodejs.org) ([source](https://github.com/nodejs/undici)) | [`5.25.4` -> `5.27.2`](https://renovatebot.com/diffs/npm/undici/5.25.4/5.27.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/undici/5.27.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/undici/5.27.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/undici/5.25.4/5.27.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/undici/5.25.4/5.27.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>nodejs/undici (undici)</summary>

### [`v5.27.2`](https://github.com/nodejs/undici/releases/tag/v5.27.2)

[Compare Source](https://github.com/nodejs/undici/compare/v5.27.1...v5.27.2)

**Full Changelog**: nodejs/undici@v5.27.1...v5.27.2

### [`v5.27.1`](https://github.com/nodejs/undici/releases/tag/v5.27.1)

[Compare Source](https://github.com/nodejs/undici/compare/v5.27.0...v5.27.1)

#### What's Changed

-   add regression test by [@&#8203;KhafraDev](https://github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2376](https://github.com/nodejs/undici/pull/2376)
-   fix: define conditions when content-length should be sent  by [@&#8203;pxue](https://github.com/pxue) in [https://github.com/nodejs/undici/pull/2305](https://github.com/nodejs/undici/pull/2305)
-   refactor: removed unnecessary default by [@&#8203;nikelborm](https://github.com/nikelborm) in [https://github.com/nodejs/undici/pull/2381](https://github.com/nodejs/undici/pull/2381)
-   fix: stream body handling by [@&#8203;ronag](https://github.com/ronag) in [https://github.com/nodejs/undici/pull/2391](https://github.com/nodejs/undici/pull/2391)

#### New Contributors

-   [@&#8203;pxue](https://github.com/pxue) made their first contribution in [https://github.com/nodejs/undici/pull/2305](https://github.com/nodejs/undici/pull/2305)
-   [@&#8203;nikelborm](https://github.com/nikelborm) made their first contribution in [https://github.com/nodejs/undici/pull/2381](https://github.com/nodejs/undici/pull/2381)

**Full Changelog**: nodejs/undici@v5.27.0...v5.27.1

### [`v5.27.0`](https://github.com/nodejs/undici/releases/tag/v5.27.0)

[Compare Source](https://github.com/nodejs/undici/compare/v5.26.5...v5.27.0)

#### What's Changed

-   Use sets and reusable TextEncoder/TextDecoder instances by [@&#8203;kibertoad](https://github.com/kibertoad) in [https://github.com/nodejs/undici/pull/2368](https://github.com/nodejs/undici/pull/2368)
-   feat: forward onRequestSent to handler by [@&#8203;ronag](https://github.com/ronag) in [https://github.com/nodejs/undici/pull/2375](https://github.com/nodejs/undici/pull/2375)
-   skip bundle test on node 16 by [@&#8203;KhafraDev](https://github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2377](https://github.com/nodejs/undici/pull/2377)
-   fix windows CI by [@&#8203;KhafraDev](https://github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2379](https://github.com/nodejs/undici/pull/2379)

**Full Changelog**: nodejs/undici@v5.26.5...v5.27.0

### [`v5.26.5`](https://github.com/nodejs/undici/releases/tag/v5.26.5)

[Compare Source](https://github.com/nodejs/undici/compare/v5.26.4...v5.26.5)

#### What's Changed

-   Drop race condition in connect-timeout test by [@&#8203;mcollina](https://github.com/mcollina) in [https://github.com/nodejs/undici/pull/2360](https://github.com/nodejs/undici/pull/2360)
-   Remove a couple of unnecessary async functions by [@&#8203;kibertoad](https://github.com/kibertoad) in [https://github.com/nodejs/undici/pull/2367](https://github.com/nodejs/undici/pull/2367)
-   Update namespace type with Fetch exports by [@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2361](https://github.com/nodejs/undici/pull/2361)

**Full Changelog**: nodejs/undici@v5.26.4...v5.26.5

### [`v5.26.4`](https://github.com/nodejs/undici/releases/tag/v5.26.4)

[Compare Source](https://github.com/nodejs/undici/compare/v5.26.3...v5.26.4)

#### What's Changed

-   use esbuild define/hooks by [@&#8203;KhafraDev](https://github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2342](https://github.com/nodejs/undici/pull/2342)
-   fix request's arrayBuffer returning uint8 instead of arraybuffer by [@&#8203;KhafraDev](https://github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2344](https://github.com/nodejs/undici/pull/2344)
-   fix: skip readMore call if parser is null or undefined by [@&#8203;iiAku](https://github.com/iiAku) in [https://github.com/nodejs/undici/pull/2346](https://github.com/nodejs/undici/pull/2346)
-   test: first attempt for flaky fix by [@&#8203;metcoder95](https://github.com/metcoder95) in [https://github.com/nodejs/undici/pull/2337](https://github.com/nodejs/undici/pull/2337)
-   test: only include WebSocket in WPT Report where it's landed by [@&#8203;panva](https://github.com/panva) in [https://github.com/nodejs/undici/pull/2351](https://github.com/nodejs/undici/pull/2351)
-   Update DispatchInterceptor.md by [@&#8203;Uzlopak](https://github.com/Uzlopak) in [https://github.com/nodejs/undici/pull/2354](https://github.com/nodejs/undici/pull/2354)
-   fix: Avoid error for stream() being aborted by [@&#8203;BobNobrain](https://github.com/BobNobrain) in [https://github.com/nodejs/undici/pull/2355](https://github.com/nodejs/undici/pull/2355)
-   fix names with esbuild by [@&#8203;KhafraDev](https://github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2359](https://github.com/nodejs/undici/pull/2359)

#### New Contributors

-   [@&#8203;iiAku](https://github.com/iiAku) made their first contribution in [https://github.com/nodejs/undici/pull/2346](https://github.com/nodejs/undici/pull/2346)
-   [@&#8203;Uzlopak](https://github.com/Uzlopak) made their first contribution in [https://github.com/nodejs/undici/pull/2354](https://github.com/nodejs/undici/pull/2354)
-   [@&#8203;BobNobrain](https://github.com/BobNobrain) made their first contribution in [https://github.com/nodejs/undici/pull/2355](https://github.com/nodejs/undici/pull/2355)

**Full Changelog**: nodejs/undici@v5.26.3...v5.26.4

### [`v5.26.3`](https://github.com/nodejs/undici/compare/12a62187d45f332cf39dd405f7c52b759cf40cdd...227b9bedf233f741b86dda4ae9d1c7ad69f5d75c)

[Compare Source](https://github.com/nodejs/undici/compare/v5.26.2...v5.26.3)

### [`v5.26.2`](https://github.com/nodejs/undici/releases/tag/v5.26.2)

[Compare Source](https://github.com/nodejs/undici/compare/v5.26.1...v5.26.2)

Security Release, CVE-2023-45143.

### [`v5.26.1`](https://github.com/nodejs/undici/releases/tag/v5.26.1)

[Compare Source](https://github.com/nodejs/undici/compare/v5.26.0...v5.26.1)

#### What's Changed

-   Fix publish undici-types once and for all! by [@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2338](https://github.com/nodejs/undici/pull/2338)
-   Fix node detection omfg by [@&#8203;KhafraDev](https://github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2341](https://github.com/nodejs/undici/pull/2341)

**Full Changelog**: nodejs/undici@v5.26.0...v5.26.1

### [`v5.26.0`](https://github.com/nodejs/undici/releases/tag/v5.26.0)

[Compare Source](https://github.com/nodejs/undici/compare/5e654f351a9a813fed3e9feff4388b5c4fbda787...v5.26.0)

#### What's Changed

-   use npm install instead of npm ci by [@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2309](https://github.com/nodejs/undici/pull/2309)
-   change default header to `node` by [@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in [https://github.com/nodejs/undici/pull/2310](https://github.com/nodejs/undici/pull/2310)
-   chore: change order of the pseudo-headers by [@&#8203;kyrylodolynskyi](https://github.com/kyrylodolynskyi) in [https://github.com/nodejs/undici/pull/2308](https://github.com/nodejs/undici/pull/2308)
-   fix: Agent.Options.factory should accept URL object or string as parameter by [@&#8203;nicole0707](https://github.com/nicole0707) in [https://github.com/nodejs/undici/pull/2295](https://github.com/nodejs/undici/pull/2295)
-   build(deps-dev): bump sinon from 15.2.0 to 16.1.0 by [@&#8203;dependabot](https://github.com/dependabot) in [https://github.com/nodejs/undici/pull/2312](https://github.com/nodejs/undici/pull/2312)
-   test: handle npm ignore-scripts settings by [@&#8203;panva](https://github.com/panva) in [https://github.com/nodejs/undici/pull/2313](https://github.com/nodejs/undici/pull/2313)
-   feat: respect `--max-http-header-size` Node.js flag by [@&#8203;balazsorban44](https://github.com/balazsorban44) in [https://github.com/nodejs/undici/pull/2234](https://github.com/nodejs/undici/pull/2234)
-   fix([#&#8203;2311](https://github.com/nodejs/undici/issues/2311)): End stream after body sent by [@&#8203;metcoder95](https://github.com/metcoder95) in [https://github.com/nodejs/undici/pull/2314](https://github.com/nodejs/undici/pull/2314)
-   disallow setting host header in fetch by [@&#8203;KhafraDev](https://github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2322](https://github.com/nodejs/undici/pull/2322)
-   \[StepSecurity] ci: Harden GitHub Actions by [@&#8203;step-security-bot](https://github.com/step-security-bot) in [https://github.com/nodejs/undici/pull/2325](https://github.com/nodejs/undici/pull/2325)
-   fix fetch with coverage enabled by [@&#8203;KhafraDev](https://github.com/KhafraDev) in [https://github.com/nodejs/undici/pull/2330](https://github.com/nodejs/undici/pull/2330)
-   Fix stuck when using http2 POST Buffer by [@&#8203;binsee](https://github.com/binsee) in [https://github.com/nodejs/undici/pull/2336](https://github.com/nodejs/undici/pull/2336)
-   fix: 🏷️ add allowH2 to BuildOptions by [@&#8203;binsee](https://github.com/binsee) in [https://github.com/nodejs/undici/pull/2334](https://github.com/nodejs/undici/pull/2334)
-   fix: 🐛 fix process http2 header by [@&#8203;binsee](https://github.com/binsee) in [https://github.com/nodejs/undici/pull/2332](https://github.com/nodejs/undici/pull/2332)

#### New Contributors

-   [@&#8203;kyrylodolynskyi](https://github.com/kyrylodolynskyi) made their first contribution in [https://github.com/nodejs/undici/pull/2308](https://github.com/nodejs/undici/pull/2308)
-   [@&#8203;nicole0707](https://github.com/nicole0707) made their first contribution in [https://github.com/nodejs/undici/pull/2295](https://github.com/nodejs/undici/pull/2295)
-   [@&#8203;balazsorban44](https://github.com/balazsorban44) made their first contribution in [https://github.com/nodejs/undici/pull/2234](https://github.com/nodejs/undici/pull/2234)
-   [@&#8203;binsee](https://github.com/binsee) made their first contribution in [https://github.com/nodejs/undici/pull/2336](https://github.com/nodejs/undici/pull/2336)

**Full Changelog**: nodejs/undici@v5.23.4...v5.26.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 9pm on sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/ascorbic/unpic-img).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40Ni4wIiwidXBkYXRlZEluVmVyIjoiMzcuNDYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
louis-bompart referenced this pull request in coveo/cli Jan 16, 2024
…#1402)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [undici](https://undici.nodejs.org)
([source](https://github.com/nodejs/undici)) | [`5.22.0` ->
`5.26.2`](https://renovatebot.com/diffs/npm/undici/5.22.0/5.26.2) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/undici/5.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/undici/5.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/undici/5.22.0/5.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/undici/5.22.0/5.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2023-45143](https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp)

### Impact

Undici clears Authorization headers on cross-origin redirects, but does
not clear `Cookie` headers. By design, `cookie` headers are [forbidden
request
headers](https://fetch.spec.whatwg.org/#forbidden-request-header),
disallowing them to be set in `RequestInit.headers` in browser
environments. Since Undici handles headers more liberally than the
specification, there was a disconnect from the assumptions the spec
made, and Undici's implementation of fetch.

As such this may lead to accidental leakage of cookie to a 3rd-party
site or a malicious attacker who can control the redirection target (ie.
an open redirector) to leak the cookie to the 3rd party site.

### Patches

This was patched in
[e041de359221ebeae04c469e8aff4145764e6d76](https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76),
which is included in version 5.26.2.

---

### Release Notes

<details>
<summary>nodejs/undici (undici)</summary>

### [`v5.26.2`](https://github.com/nodejs/undici/releases/tag/v5.26.2)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.26.1...v5.26.2)

Security Release, CVE-2023-45143.

### [`v5.26.1`](https://github.com/nodejs/undici/releases/tag/v5.26.1)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.26.0...v5.26.1)

#### What's Changed

- Fix publish undici-types once and for all! by
[@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in
[https://github.com/nodejs/undici/pull/2338](https://github.com/nodejs/undici/pull/2338)
- Fix node detection omfg by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2341](https://github.com/nodejs/undici/pull/2341)

**Full Changelog**:
nodejs/undici@v5.26.0...v5.26.1

### [`v5.26.0`](https://github.com/nodejs/undici/releases/tag/v5.26.0)

[Compare
Source](https://github.com/nodejs/undici/compare/5e654f351a9a813fed3e9feff4388b5c4fbda787...v5.26.0)

#### What's Changed

- use npm install instead of npm ci by
[@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in
[https://github.com/nodejs/undici/pull/2309](https://github.com/nodejs/undici/pull/2309)
- change default header to `node` by
[@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in
[https://github.com/nodejs/undici/pull/2310](https://github.com/nodejs/undici/pull/2310)
- chore: change order of the pseudo-headers by
[@&#8203;kyrylodolynskyi](https://github.com/kyrylodolynskyi) in
[https://github.com/nodejs/undici/pull/2308](https://github.com/nodejs/undici/pull/2308)
- fix: Agent.Options.factory should accept URL object or string as
parameter by [@&#8203;nicole0707](https://github.com/nicole0707) in
[https://github.com/nodejs/undici/pull/2295](https://github.com/nodejs/undici/pull/2295)
- build(deps-dev): bump sinon from 15.2.0 to 16.1.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2312](https://github.com/nodejs/undici/pull/2312)
- test: handle npm ignore-scripts settings by
[@&#8203;panva](https://github.com/panva) in
[https://github.com/nodejs/undici/pull/2313](https://github.com/nodejs/undici/pull/2313)
- feat: respect `--max-http-header-size` Node.js flag by
[@&#8203;balazsorban44](https://github.com/balazsorban44) in
[https://github.com/nodejs/undici/pull/2234](https://github.com/nodejs/undici/pull/2234)
- fix([#&#8203;2311](https://github.com/nodejs/undici/issues/2311)):
End stream after body sent by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2314](https://github.com/nodejs/undici/pull/2314)
- disallow setting host header in fetch by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2322](https://github.com/nodejs/undici/pull/2322)
- \[StepSecurity] ci: Harden GitHub Actions by
[@&#8203;step-security-bot](https://github.com/step-security-bot) in
[https://github.com/nodejs/undici/pull/2325](https://github.com/nodejs/undici/pull/2325)
- fix fetch with coverage enabled by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2330](https://github.com/nodejs/undici/pull/2330)
- Fix stuck when using http2 POST Buffer by
[@&#8203;binsee](https://github.com/binsee) in
[https://github.com/nodejs/undici/pull/2336](https://github.com/nodejs/undici/pull/2336)
- fix: 🏷️ add allowH2 to BuildOptions by
[@&#8203;binsee](https://github.com/binsee) in
[https://github.com/nodejs/undici/pull/2334](https://github.com/nodejs/undici/pull/2334)
- fix: 🐛 fix process http2 header by
[@&#8203;binsee](https://github.com/binsee) in
[https://github.com/nodejs/undici/pull/2332](https://github.com/nodejs/undici/pull/2332)

#### New Contributors

- [@&#8203;kyrylodolynskyi](https://github.com/kyrylodolynskyi) made
their first contribution in
[https://github.com/nodejs/undici/pull/2308](https://github.com/nodejs/undici/pull/2308)
- [@&#8203;nicole0707](https://github.com/nicole0707) made their first
contribution in
[https://github.com/nodejs/undici/pull/2295](https://github.com/nodejs/undici/pull/2295)
- [@&#8203;balazsorban44](https://github.com/balazsorban44) made their
first contribution in
[https://github.com/nodejs/undici/pull/2234](https://github.com/nodejs/undici/pull/2234)
- [@&#8203;binsee](https://github.com/binsee) made their first
contribution in
[https://github.com/nodejs/undici/pull/2336](https://github.com/nodejs/undici/pull/2336)

**Full Changelog**:
nodejs/undici@v5.23.4...v5.26.0

###
[`v5.25.4`](https://github.com/nodejs/undici/compare/v5.25.3...5e654f351a9a813fed3e9feff4388b5c4fbda787)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.25.3...5e654f351a9a813fed3e9feff4388b5c4fbda787)

### [`v5.25.3`](https://github.com/nodejs/undici/releases/tag/v5.25.3)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.25.2...v5.25.3)

#### What's Changed

- perf: improve parse-url implementation by
[@&#8203;anonrig](https://github.com/anonrig) in
[https://github.com/nodejs/undici/pull/2286](https://github.com/nodejs/undici/pull/2286)
- test: enable websockets inclusion in WPTReport by
[@&#8203;panva](https://github.com/panva) in
[https://github.com/nodejs/undici/pull/2284](https://github.com/nodejs/undici/pull/2284)
- remove npm run test from pre-commit hook by
[@&#8203;dancastillo](https://github.com/dancastillo) in
[https://github.com/nodejs/undici/pull/2296](https://github.com/nodejs/undici/pull/2296)
- perf: use
[@&#8203;fastify/busboy](https://github.com/fastify/busboy) by
[@&#8203;gurgunday](https://github.com/gurgunday) in
[https://github.com/nodejs/undici/pull/2211](https://github.com/nodejs/undici/pull/2211)
- Disable finalizationregistry if node code cov by
[@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2298](https://github.com/nodejs/undici/pull/2298)

#### New Contributors

- [@&#8203;gurgunday](https://github.com/gurgunday) made their first
contribution in
[https://github.com/nodejs/undici/pull/2211](https://github.com/nodejs/undici/pull/2211)

**Full Changelog**:
nodejs/undici@v5.25.2...v5.25.3

### [`v5.25.2`](https://github.com/nodejs/undici/releases/tag/v5.25.2)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.25.1...v5.25.2)

#### What's Changed

- Add Khaf to releasers by
[@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2276](https://github.com/nodejs/undici/pull/2276)
- fix: fix request with readable mode is object by
[@&#8203;killagu](https://github.com/killagu) in
[https://github.com/nodejs/undici/pull/2279](https://github.com/nodejs/undici/pull/2279)
- fix loading websockets when node is built w/ --without-ssl by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2282](https://github.com/nodejs/undici/pull/2282)

#### New Contributors

- [@&#8203;killagu](https://github.com/killagu) made their first
contribution in
[https://github.com/nodejs/undici/pull/2279](https://github.com/nodejs/undici/pull/2279)

**Full Changelog**:
nodejs/undici@v5.25.1...v5.25.2

### [`v5.25.1`](https://github.com/nodejs/undici/releases/tag/v5.25.1)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.25.0...v5.25.1)

#### What's Changed

- Add publish types script by
[@&#8203;Ethan-Arrowood](https://github.com/Ethan-Arrowood) in
[https://github.com/nodejs/undici/pull/2273](https://github.com/nodejs/undici/pull/2273)

**Full Changelog**:
nodejs/undici@v5.25.0...v5.25.1

### [`v5.25.0`](https://github.com/nodejs/undici/releases/tag/v5.25.0)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.24.0...v5.25.0)

#### What's Changed

- fix: h2 without body by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2258](https://github.com/nodejs/undici/pull/2258)
- ci: remove duplicated runs by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2265](https://github.com/nodejs/undici/pull/2265)
- improve documentation of timeouts by making the units clear in all
places by [@&#8203;mcfedr](https://github.com/mcfedr) in
[https://github.com/nodejs/undici/pull/2266](https://github.com/nodejs/undici/pull/2266)
- expose websocket in node bundle by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2217](https://github.com/nodejs/undici/pull/2217)
- test: fix Fetch/HTTP2 tests by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2263](https://github.com/nodejs/undici/pull/2263)
- fix undici when node is built with --without-ssl by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2272](https://github.com/nodejs/undici/pull/2272)
- fix: Fix type definition for Client Interceptors by
[@&#8203;ComradeCow](https://github.com/ComradeCow) in
[https://github.com/nodejs/undici/pull/2269](https://github.com/nodejs/undici/pull/2269)
- Fix http2 agent by [@&#8203;mcollina](https://github.com/mcollina)
in
[https://github.com/nodejs/undici/pull/2275](https://github.com/nodejs/undici/pull/2275)

#### New Contributors

- [@&#8203;ComradeCow](https://github.com/ComradeCow) made their first
contribution in
[https://github.com/nodejs/undici/pull/2269](https://github.com/nodejs/undici/pull/2269)

**Full Changelog**:
nodejs/undici@v5.24.0...v5.25.0

### [`v5.24.0`](https://github.com/nodejs/undici/releases/tag/v5.24.0)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.23.0...v5.24.0)

#### Notable Changes

- feat: Add H2 support by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2061](https://github.com/nodejs/undici/pull/2061)

#### What's Changed

- build(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2203](https://github.com/nodejs/undici/pull/2203)
- better stack trace for body.json by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2215](https://github.com/nodejs/undici/pull/2215)
- allow http & https websocket urls by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2218](https://github.com/nodejs/undici/pull/2218)
- build(deps-dev): bump
[@&#8203;sinonjs/fake-timers](https://github.com/sinonjs/fake-timers)
from 10.3.0 to 11.1.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2221](https://github.com/nodejs/undici/pull/2221)
- fix: pass ProxyAgent proxy status code error by
[@&#8203;NBNGaming](https://github.com/NBNGaming) in
[https://github.com/nodejs/undici/pull/2162](https://github.com/nodejs/undici/pull/2162)
- fix failing test by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2223](https://github.com/nodejs/undici/pull/2223)
- docs: update MockPool.md intercept method description by
[@&#8203;capaj](https://github.com/capaj) in
[https://github.com/nodejs/undici/pull/2220](https://github.com/nodejs/undici/pull/2220)
- Update wpts by [@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2226](https://github.com/nodejs/undici/pull/2226)
- build(deps): bump github/codeql-action from 2.21.2 to 2.21.5 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2240](https://github.com/nodejs/undici/pull/2240)
- build(deps): bump actions/setup-node from 3.6.0 to 3.8.1 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2237](https://github.com/nodejs/undici/pull/2237)
- build(deps): bump fastify/github-action-merge-dependabot from 3.9.0 to
3.9.1 by [@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2236](https://github.com/nodejs/undici/pull/2236)
- build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2241](https://github.com/nodejs/undici/pull/2241)
- build(deps): bump actions/dependency-review-action from 3.0.6 to 3.0.8
by [@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2238](https://github.com/nodejs/undici/pull/2238)
- fix: aborting request with non-object error by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2243](https://github.com/nodejs/undici/pull/2243)
- fix: preserve file path when parsing formdata by
[@&#8203;jimmywarting](https://github.com/jimmywarting) in
[https://github.com/nodejs/undici/pull/2245](https://github.com/nodejs/undici/pull/2245)
- build(deps-dev): bump tsd from 0.28.1 to 0.29.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2246](https://github.com/nodejs/undici/pull/2246)
- Updated benchmarks by
[@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2250](https://github.com/nodejs/undici/pull/2250)
- Fix fetch in node v20.6.0 by
[@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2251](https://github.com/nodejs/undici/pull/2251)
- Maybe fix v20 by [@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2252](https://github.com/nodejs/undici/pull/2252)
- feat: Add H2 support by
[@&#8203;metcoder95](https://github.com/metcoder95) in
[https://github.com/nodejs/undici/pull/2061](https://github.com/nodejs/undici/pull/2061)
- docs: fix tables in README by
[@&#8203;regseb](https://github.com/regseb) in
[https://github.com/nodejs/undici/pull/2254](https://github.com/nodejs/undici/pull/2254)
- Fix http2 fetch test by
[@&#8203;mcollina](https://github.com/mcollina) in
[https://github.com/nodejs/undici/pull/2253](https://github.com/nodejs/undici/pull/2253)

#### New Contributors

- [@&#8203;NBNGaming](https://github.com/NBNGaming) made their first
contribution in
[https://github.com/nodejs/undici/pull/2162](https://github.com/nodejs/undici/pull/2162)
- [@&#8203;capaj](https://github.com/capaj) made their first
contribution in
[https://github.com/nodejs/undici/pull/2220](https://github.com/nodejs/undici/pull/2220)
- [@&#8203;regseb](https://github.com/regseb) made their first
contribution in
[https://github.com/nodejs/undici/pull/2254](https://github.com/nodejs/undici/pull/2254)

**Full Changelog**:
nodejs/undici@v5.23.0...v5.24.0

### [`v5.23.0`](https://github.com/nodejs/undici/releases/tag/v5.23.0)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.22.1...v5.23.0)

#### What's Changed

- bump engines to node >= 16 by
[@&#8203;ronag](https://github.com/ronag) in
[https://github.com/nodejs/undici/pull/2119](https://github.com/nodejs/undici/pull/2119)
- Revert "bump engines to node >= 16
([#&#8203;2119](https://github.com/nodejs/undici/issues/2119))" by
[@&#8203;ronag](https://github.com/ronag) in
[https://github.com/nodejs/undici/pull/2121](https://github.com/nodejs/undici/pull/2121)
- fetch: set referrer properly by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2125](https://github.com/nodejs/undici/pull/2125)
- fix: support truncated gzip by
[@&#8203;jimmywarting](https://github.com/jimmywarting) in
[https://github.com/nodejs/undici/pull/2126](https://github.com/nodejs/undici/pull/2126)
- workflow: apply security best practices by
[@&#8203;step-security-bot](https://github.com/step-security-bot) in
[https://github.com/nodejs/undici/pull/2130](https://github.com/nodejs/undici/pull/2130)
- build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2135](https://github.com/nodejs/undici/pull/2135)
- build(deps): bump actions/dependency-review-action from 2.5.1 to 3.0.4
by [@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2133](https://github.com/nodejs/undici/pull/2133)
- build(deps): bump node from 18-alpine to 20-alpine in /build by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2131](https://github.com/nodejs/undici/pull/2131)
- build(deps): bump pkgjs/action from 0.1.6 to 0.1.7 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2136](https://github.com/nodejs/undici/pull/2136)
- build(deps): bump actions/checkout from 3.1.0 to 3.5.2 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2132](https://github.com/nodejs/undici/pull/2132)
- build(deps-dev): bump jsdom from 21.1.2 to 22.1.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2142](https://github.com/nodejs/undici/pull/2142)
- build(deps): bump fastify/github-action-merge-dependabot from 3.7.0 to
3.8.0 by [@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2148](https://github.com/nodejs/undici/pull/2148)
- fix(pr): use correct pr template file by
[@&#8203;AugustinMauroy](https://github.com/AugustinMauroy) in
[https://github.com/nodejs/undici/pull/2141](https://github.com/nodejs/undici/pull/2141)
- Additional WebSocket send tests to cover all payload size categories
by [@&#8203;jawj](https://github.com/jawj) in
[https://github.com/nodejs/undici/pull/2149](https://github.com/nodejs/undici/pull/2149)
- fix: reverse decompression order of "Content-Encoding" encodings
(fixes [#&#8203;2158](https://github.com/nodejs/undici/issues/2158))
by [@&#8203;rychkog](https://github.com/rychkog) in
[https://github.com/nodejs/undici/pull/2159](https://github.com/nodejs/undici/pull/2159)
- fix: keep running WPTs if a test times out by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2165](https://github.com/nodejs/undici/pull/2165)
- feat: add build environment info by
[@&#8203;mhdawson](https://github.com/mhdawson) in
[https://github.com/nodejs/undici/pull/2168](https://github.com/nodejs/undici/pull/2168)
- fix: forward error reason to fetch controller by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2172](https://github.com/nodejs/undici/pull/2172)
- stricter types for bodymixin.json by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2181](https://github.com/nodejs/undici/pull/2181)
- chore: Renable autoSelectFamily tests. by
[@&#8203;ShogunPanda](https://github.com/ShogunPanda) in
[https://github.com/nodejs/undici/pull/2180](https://github.com/nodejs/undici/pull/2180)
- build(deps): bump actions/dependency-review-action from 3.0.4 to 3.0.6
by [@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2147](https://github.com/nodejs/undici/pull/2147)
- build(deps): bump github/codeql-action from 2.3.2 to 2.20.3 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2185](https://github.com/nodejs/undici/pull/2185)
- fix: fetch resource timing performance entry names should be strings
by [@&#8203;GaryWilber](https://github.com/GaryWilber) in
[https://github.com/nodejs/undici/pull/2188](https://github.com/nodejs/undici/pull/2188)
- build(deps): bump actions/checkout from 3.5.2 to 3.5.3 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2176](https://github.com/nodejs/undici/pull/2176)
- build(deps): bump fastify/github-action-merge-dependabot from 3.8.0 to
3.9.0 by [@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2177](https://github.com/nodejs/undici/pull/2177)
- build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2178](https://github.com/nodejs/undici/pull/2178)
- build(deps): bump step-security/harden-runner from 2.4.0 to 2.4.1 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2175](https://github.com/nodejs/undici/pull/2175)
- test: fix `autoselectfamily` on platforms without IPv6 support by
[@&#8203;LiviaMedeiros](https://github.com/LiviaMedeiros) in
[https://github.com/nodejs/undici/pull/2197](https://github.com/nodejs/undici/pull/2197)
- fix: make multipart/form-data boundary string more consistent by
[@&#8203;LiviaMedeiros](https://github.com/LiviaMedeiros) in
[https://github.com/nodejs/undici/pull/2196](https://github.com/nodejs/undici/pull/2196)
- docs: add proxy agent options docs by
[@&#8203;dancastillo](https://github.com/dancastillo) in
[https://github.com/nodejs/undici/pull/2193](https://github.com/nodejs/undici/pull/2193)
- build(deps): bump github/codeql-action from 2.20.3 to 2.21.2 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2205](https://github.com/nodejs/undici/pull/2205)
- feat: make use of `addAbortListener` where applicable by
[@&#8203;atlowChemi](https://github.com/atlowChemi) in
[https://github.com/nodejs/undici/pull/2195](https://github.com/nodejs/undici/pull/2195)

#### New Contributors

- [@&#8203;step-security-bot](https://github.com/step-security-bot)
made their first contribution in
[https://github.com/nodejs/undici/pull/2130](https://github.com/nodejs/undici/pull/2130)
- [@&#8203;AugustinMauroy](https://github.com/AugustinMauroy) made
their first contribution in
[https://github.com/nodejs/undici/pull/2141](https://github.com/nodejs/undici/pull/2141)
- [@&#8203;rychkog](https://github.com/rychkog) made their first
contribution in
[https://github.com/nodejs/undici/pull/2159](https://github.com/nodejs/undici/pull/2159)
- [@&#8203;mhdawson](https://github.com/mhdawson) made their first
contribution in
[https://github.com/nodejs/undici/pull/2168](https://github.com/nodejs/undici/pull/2168)
- [@&#8203;GaryWilber](https://github.com/GaryWilber) made their first
contribution in
[https://github.com/nodejs/undici/pull/2188](https://github.com/nodejs/undici/pull/2188)
- [@&#8203;atlowChemi](https://github.com/atlowChemi) made their first
contribution in
[https://github.com/nodejs/undici/pull/2195](https://github.com/nodejs/undici/pull/2195)

**Full Changelog**:
nodejs/undici@v5.22.1...v5.23.0

### [`v5.22.1`](https://github.com/nodejs/undici/releases/tag/v5.22.1)

[Compare
Source](https://github.com/nodejs/undici/compare/v5.22.0...v5.22.1)

#### What's Changed

- Cache storage by [@&#8203;KhafraDev](https://github.com/KhafraDev)
in
[https://github.com/nodejs/undici/pull/2076](https://github.com/nodejs/undici/pull/2076)
- test: skip content-disposition test in node 18 by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2081](https://github.com/nodejs/undici/pull/2081)
- Cache storage cleanup by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2082](https://github.com/nodejs/undici/pull/2082)
- Cache storage fixes by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2083](https://github.com/nodejs/undici/pull/2083)
- test: improve test coverage for ErrorEvent and MessageEvent by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2085](https://github.com/nodejs/undici/pull/2085)
- test: remove --experimental-wasm-simd by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2087](https://github.com/nodejs/undici/pull/2087)
- websocket: add websocketinit by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2088](https://github.com/nodejs/undici/pull/2088)
- feat(websocket): allow setting custom headers by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2089](https://github.com/nodejs/undici/pull/2089)
- test: fix tests failing only on node v20 by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2096](https://github.com/nodejs/undici/pull/2096)
- fix: skip set content-length when FormData value is stream by
[@&#8203;fengmk2](https://github.com/fengmk2) in
[https://github.com/nodejs/undici/pull/2091](https://github.com/nodejs/undici/pull/2091)
- doc: update outdated command in contributing.md by
[@&#8203;jazelly](https://github.com/jazelly) in
[https://github.com/nodejs/undici/pull/2099](https://github.com/nodejs/undici/pull/2099)
- cache: fix most failing WPTs by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2100](https://github.com/nodejs/undici/pull/2100)
- feat: allow build:wasm to auto detect platform by
[@&#8203;jazelly](https://github.com/jazelly) in
[https://github.com/nodejs/undici/pull/2102](https://github.com/nodejs/undici/pull/2102)
- docs: updated Error documentation (fixes
[#&#8203;2090](https://github.com/nodejs/undici/issues/2090)) by
[@&#8203;titanism](https://github.com/titanism) in
[https://github.com/nodejs/undici/pull/2092](https://github.com/nodejs/undici/pull/2092)
- mimesniff: fix many broken tests by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2103](https://github.com/nodejs/undici/pull/2103)
- test: fix failing tests by
[@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2097](https://github.com/nodejs/undici/pull/2097)
- build(deps): bump github/codeql-action from 2.2.9 to 2.3.2 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/nodejs/undici/pull/2105](https://github.com/nodejs/undici/pull/2105)
- fix: more informative error message to tell that the server doesn't
match http/1.1 protocol by
[@&#8203;Songkeys](https://github.com/Songkeys) in
[https://github.com/nodejs/undici/pull/2055](https://github.com/nodejs/undici/pull/2055)
- Fix bug in 16-bit frame length when buffer is a subarray by
[@&#8203;jawj](https://github.com/jawj) in
[https://github.com/nodejs/undici/pull/2106](https://github.com/nodejs/undici/pull/2106)
- update wpts by [@&#8203;KhafraDev](https://github.com/KhafraDev) in
[https://github.com/nodejs/undici/pull/2108](https://github.com/nodejs/undici/pull/2108)
- fix: update error definitions by
[@&#8203;dfilatov](https://github.com/dfilatov) in
[https://github.com/nodejs/undici/pull/2112](https://github.com/nodejs/undici/pull/2112)
- fix: make assertion a noop by
[@&#8203;ronag](https://github.com/ronag) in
[https://github.com/nodejs/undici/pull/2111](https://github.com/nodejs/undici/pull/2111)

#### New Contributors

- [@&#8203;jazelly](https://github.com/jazelly) made their first
contribution in
[https://github.com/nodejs/undici/pull/2099](https://github.com/nodejs/undici/pull/2099)
- [@&#8203;titanism](https://github.com/titanism) made their first
contribution in
[https://github.com/nodejs/undici/pull/2092](https://github.com/nodejs/undici/pull/2092)
- [@&#8203;Songkeys](https://github.com/Songkeys) made their first
contribution in
[https://github.com/nodejs/undici/pull/2055](https://github.com/nodejs/undici/pull/2055)
- [@&#8203;jawj](https://github.com/jawj) made their first
contribution in
[https://github.com/nodejs/undici/pull/2106](https://github.com/nodejs/undici/pull/2106)
- [@&#8203;dfilatov](https://github.com/dfilatov) made their first
contribution in
[https://github.com/nodejs/undici/pull/2112](https://github.com/nodejs/undici/pull/2112)

**Full Changelog**:
nodejs/undici@v5.22.0...v5.22.1

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log [here](https://developer.mend.io/github/coveo/cli).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuODEuMyIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->

---------

Co-authored-by: developer-experience-bot[bot] <91079284+developer-experience-bot[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
crysmags pushed a commit to crysmags/undici that referenced this pull request Feb 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants